Ideas Adapting to the Steady Elimination of “Silent Cyber” Coverage DANIEL J. HEALY ANDERSON KILL These policies and contracts transfer certain types of
As insurance companies continue to look for ways to absolve themselves of liability for cyber-related losses, it is imperative that in-house counsel be well informed about all possible avenues of indemnity for their company.
D
ata breaches have made headlines for years. The marquee victims – or culprits, depending on your point of view – have been large retail-facing companies that have had millions of their customers’ personal and financial data records exposed by hackers. Banks and other financial institutions are also at a high risk of major losses from cyberbreaches because they inherently collect and store personal identification and financial information about thousands of people and businesses. In-house counsel have had to educate themselves about both the available cyberinsurance coverage and the indemnity obligations in the involved contracts.
risks. A company’s insurance policies can pay for its own losses as well as its liabilities to others. Where robust indemnity agreements are in place, they can transfer the obligations to pay for such losses and liabilities to, or away from, the company itself. Siphoning cyber coverage into specialty policies Cyber policies have proliferated over the past 15 years and now come in many varieties, providing different types of coverage. Some are stand-alone cyber policies with typical coverage for breaches, notification costs, data restoration, ransomware and other situations. Other policies are derivations of errors and omissions (E&O) policies that focus on the act or cause of a loss and extend coverage for data loss and liability to others.
For years, other policies, such as general liability,
property insurance, and directors and officers (D&O) CORPORATE COUNSEL BUSINESS JOURNAL
25
